The threat, which is being called “Heartbleed,” was discovered by a small team from the Finnish security firm Codenomicon. Hackers had cracked the encryption technology used to protect online accounts for emails, instant messaging and a wide range of electronic-funds transfer.

The threat went undetected for more than two years, according to the Associated Press. “I don’t think anyone that had been using this technology is in a position to definitively say they weren’t compromised,” David Chartier, Codenomicon’s CEO, told the AP. Further, it’s impossible to know whether an individual’s security was compromised as it would not have left a distinct digital footprint, experts say.

Yahoo Inc., which has than 800 million users worldwide, is among the Internet services that could potentially be affected. The Sunnyvale, Calif., company said in a statement Tuesday that most of its most popular services had been “fixed,” but there’s no way of knowing whose accounts may have been compromised. According to the AP, Heartbleed creates an opening in SSL/TLS, an open-source encryption technology marked by the small, closed padlock and “https:” on Web browsers to signify that traffic is secure. The flaw makes it possible to spy on Internet traffic even if the padlock had been closed. Perpetrators could also steal the keys for deciphering encrypted data without the website owners knowing the theft had occurred, security researchers say.

Abouttwo-thirds of Web servers rely on OpenSSL.

Now is a good time to change your most critical passwords, as many sites have now installed the Heartbleed “fix.” Changing one’s password too soon after a breach could do you no good, experts say, if the affected site is not yet clear of issues.